Phishing attack prevention is a distant goal for enterprises and can never be fully attainable in the presence of malicious cyber attackers. The bygone week in the cyber realm was full of data breaches and millions of dollars lost to cyberattackers. This serves as a lesson for enterprises to be more watchful of their anti-phishing solutions.
Misconfigured Database Reveals Major Amazon Review Scam
Researchers at SafetyDetectives recently discovered an unencrypted Elasticsearch server online, which revealed a major fake review scam ongoing among Amazon vendors. The misconfigured database contained 7 GB (13 million records) of data belonging to counterfeit reviewers. These details included their email addresses, surnames, PayPal details, linked Amazon review profile details, and the Whatsapp and Telegram numbers of the concerned vendor.
These scams begin with the vendor sending their product list to the fake reviewers. Once the reviewers leave a five-star review, they send a link (proof) to the vendor to receive the payment in their PayPal accounts. Often, they can keep the product itself as payment for their review. Over 200,000 fake reviewers had their data compromised because of the misconfigured database. The database owner remains unknown, but the database itself has been secured. It is assumed that third parties are involved in this whole scheme of procuring reviewers for Amazon vendors. Those who remember being a part of any product reviewing group on Facebook or WeChat or perhaps engaging in any such fake reviewing scam must keep an eye on their online accounts and take necessary anti-phishing protection measures.
Ransomware Hits City Of Tulsa
Ransomware hit the city of Tulsa in the United States last weekend, which brought down parts of the city’s network and official websites. Tulsa, Oklahoma, the 47th largest city in the US and the nth in line for cyberattacks on city governments. It’s fortunate that the city’s network was attacked in the after-office hours on a weekend evening and not on a working day when the city computers were functioning.
The city’s IT team took proactive measures and recovered several affected systems using backups. The city website is already up and running, and the IT team hopes to recover the remaining systems by this week. Since attacks on city governments are increasing, adopting phishing protection measures and having updated backups (like the city of Tulsa) ensure minimal damage.
City Of Chicago Undergoes Data Breach
The US law firm Jones Day underwent a Clop ransomware attack in February 2021. Recently, the adversaries leaked a portion of the documents stolen from Jones. Consequently, some of the employee email accounts of the city of Chicago were exposed. The city had shared some emails with Jones for an independent inquiry. Accellion’s FTA file sharing service, which reached end-of-life on 30th April 2021, was involved in the incident. Around 50 customers continued to use FTA when it experienced a cyber attack in December last year.
Investigations revealed that only four former employees of the city who used FTA services to send emails were affected. The city of Chicago has no evidence of any fraud so far, but it is taking phishing attack prevention measures. The FBI, the Chicago Department of Assets, Information, and Services, and the Illinois Attorney General’s office have already been informed about the security incident. Furthermore, the city has tracked down the individuals who received emails from the breached accounts and notified them about the same.
Babuk Ransomware Hits Japanese Manufacturer Yamabiko
The Babuk ransomware gang, which announced its retirement after attacking Washington DC’s police department last month, is back with another attack. Babuk recently targeted the Tokyo-based power tools and agricultural and industrial machinery manufacturer Yamabiko. Although Yamabiko hasn’t confirmed the episode yet, Babuk has leaked some of its data on the dark web. These include Yamabiko’s financial data, employees’ PII, product schematics, etc.
The ransomware gang has also been involved in exploiting VPN vulnerabilities in the past. Much like the retirement announcement, which went for a toss, its claim on open-sourcing its code for RaaS actors was taken down as well. Babuk has reportedly stolen 0.5 TB worth of data from Yamabiko. As we await a statement or notice from Yamabiko, we can only hope that it had robust phishing prevention systems in place. Yamabiko employees should look out for phishing emails and other unusual activities on their accounts.
Ryuk Ransomware Hits Norwegian Firm Volue
The Norwegian green energy solutions provider Volue recently underwent a ransomware attack. The Ryuk ransomware gang is suspected to be responsible for the attack. Volue was formed last year following a merger of Wattsight, Scanmatic, Powel, and Markedskract into an international group serving over 2.2k customers in 44 countries. The attack on Volue took place on 5th May and brought down some of its applications.
The company has been working on restoring its systems ever since, using cloud backups that were luckily not affected by the security incident. Volue recommends customers log out from its servers, change their passwords, and adopt the phishing prevention best practices. The firm has assured that there is no evidence of any misuse of the affected customer data.
Conti Ransomware Hits Ireland’s National Health Service
The Health Service Executive (HSE) – Ireland’s national health service underwent a ransomware attack this week. It is believed that the Conti ransomware gang is behind the attack. All of HSE’s IT systems were shut down temporarily to contain the attack. The health service describes the attack as a high-end sophisticated one that kept its staff off the online systems, unable to access patients’ electronic records, and made some of its databases and apps inaccessible.
As HSE’s IT teams continue to investigate the incident, the COVID-19 vaccination program continues without interruptions. However, some routine checks and services are expected to be delayed. HSE is yet to find the ransomware note among one of its encrypted files. While the investigations continue and HSE executes its phishing prevention schemes, citizens need to keep calm and look for updates on their official websites and accounts.
Flipkart Password Changed Advised For Bigbasket Users
The recent attack on BigBasket continues to spread terror as cybersecurity researcher Rajashekhar Rajaharia warns users against potential Flipkart account compromises. Rajaharia discovered a database online containing the details of BigBasket users, which are selling as details of Flipkart and Amazon users. This is true for most records, as people often use the same email and login credentials across all online accounts. As a result, there might be unauthorized transactions from victims’ Flipkart accounts in the coming days, especially those who also use BigBasket.
While Amazon has an added security layer that demands an OTP for every sign-in from a new browser, Flipkart comes without any such measure for protection against phishing. Rajaharia appealed to Flipkart to strengthen its security and data protection measures, but the company spokesperson merely emphasized the efforts Flipkart already takes to protect its customers’ privacy. There is a dire need to enable MFA for Flipkart accounts.